Key Vulnerability Information

Overview

- Attack Type: Wi-Fi replay-based disconnect attack
- Affected Drones: DJI Mavic Mini, DJI Spark, DJI Mini SE, and other DJI drones using Enhanced Wi-Fi with WEP encryption
- Vulnerability: The WEP encryption used in DJI's Enhanced Wi-Fi protocol is inherently weak and vulnerable to passive key recovery attacks

Details

- Static Pairing Byte Sequence: A static sequence identified during the Enhanced Wi-Fi pairing process can be reused across DJI drones that use the same protocol
- Attack Mechanism: After decrypting the sequence, an attacker can re-encrypt and replay crafted IEEE 802.11 frames, forcing a disconnection between the drone and the remote controller (RC)

Impact

- Denial of Service (DoS): Loss of control and telemetry between the drone and the RC
- Unauthenticated: No prior pairing or authentication is required beyond possession of the WEP key
- Flight State Independence: Works whether the drone is on the ground or in the air
- Persistence: The drone remains disabled for as long as the replayed frames are broadcast

Usage

- The provided exploit code for executing the attack can be run on a compatible system with a wireless interface in monitor mode ( )
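The root cause listed in the Overview is that the link still advertises WEP, so a fleet audit can start by flagging WEP in captured beacons. The sketch below is an added example, not code from the advisory or from DJI. It relies on the standard 802.11 heuristic that a set Privacy bit with no RSN or WPA element means WEP, and every name, BSSID and SSID in it is constructed for illustration.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor-element prefix that marks a WPA element

def classify_beacon(frame: bytes) -> dict:
    """Classify a beacon/probe response that starts at the 802.11 MAC header (no radiotap, no FCS)."""
    if len(frame) < 36 or frame[0] not in (0x80, 0x50):
        raise ValueError("not a beacon or probe response")
    (capab,) = struct.unpack_from("<H", frame, 34)  # capability field follows timestamp + interval
    ssid, rsn, wpa, pos = "", False, False, 36
    while pos + 2 <= len(frame):                    # walk the tagged elements
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:
            break                                   # truncated element: stop parsing
        if tag == 0:
            ssid = body.decode("utf-8", "replace")
        elif tag == 48:
            rsn = True                              # RSN element: WPA2/WPA3
        elif tag == 221 and body[:4] == WPA_OUI_TYPE:
            wpa = True
        pos += 2 + length
    # Privacy bit (0x0010) set without an RSN or WPA element is the usual sign of WEP.
    mode = "RSN" if rsn else "WPA" if wpa else "WEP" if capab & 0x0010 else "open"
    return {"bssid": frame[16:22].hex(":"), "ssid": ssid, "mode": mode}

def wep_networks(frames):
    """Return (bssid, ssid) for each beacon/probe response in `frames` that advertises WEP."""
    infos = [classify_beacon(f) for f in frames]
    return [(i["bssid"], i["ssid"]) for i in infos if i["mode"] == "WEP"]

def build_beacon(bssid: str, ssid: str, capab: int, extra: bytes = b"") -> bytes:
    """Constructed sample input: a minimal beacon with the given capability bits."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capab)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid.encode() + extra

RSN_IE = bytes([48, 2, 1, 0])  # constructed: RSN element carrying only its version field
SAMPLES = [                    # constructed beacons, not captures from any real device
    build_beacon("02:00:00:00:00:01", "lab-drone-wep", 0x0011),
    build_beacon("02:00:00:00:00:02", "lab-ap-wpa2", 0x0011, RSN_IE),
    build_beacon("02:00:00:00:00:03", "lab-open", 0x0001),
]

if __name__ == "__main__":
    print(wep_networks(SAMPLES))
```

Any device this flags is exposed to the key recovery and replay described above for as long as it stays on WEP.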